2504 failover model is N+1, Meaning a Primary controller with a backup controller. There is no communication between the two controllers and they operate as standalone devices, so you have to configure them separately and license them separately.
2504 does not support SSO (Stateful Switch Over).
Normally with other WLCs you configure them as an HA pair, in the event of a failure of a controller the AP will seamlessly associate to the second controller.
Different WLC Model also cannot be paired with HA and if it happens WLC with higher model will become active and other will go into maintenance mode.
Ensure the secondary controller is licensed to support the same amount of access points as the primary. (This can be an expensive option)
The most common scenario is to purchase an HA-SKU controller AIR-CT2504-HA-K9. (HA is replaced with the number of built in license i.e AIR-CT2504-5-K9 – this is a 5 AP license box and is the smallest number of licenses you can purchase.) This is a box dedicated only for failover situations. It does not contain any built in licenses but will support up the maximum for the box (75) access points in the event of a failover for a period of 90 days. After which time you will start to get license alerts from the controller – after 90 days the access points will continue to work. You can also convert a standard controller i.e a AIR-CT2504-5-K9 into an HA-SKU box with the following command (config redundancy unit secondary)
Hello all. Does anyone know what Cisco’s solution is for wireless IPS now? I have a customer looking to detect brute force attempts against their wireless network or other true IDS/IPS attempts? They’re running 5520 wireless controllers with the 380...
I run around 100 AIR-AP1832I-B-K9 on a WLC 5520 running 220.127.116.11. Recently I have noticed the APs randomly lose their preauth acl in the External WebAuth section. This causes issues for our users trying to connect on our guest wireless as the preauth ACL...
Roaming between different networks and groups of APs. Good Morning. What is the best configuration practice on the controller (Cisco 5520) to roaming between different networks (L3) transparently on a network with authentication on a Firewall.